hxxps://links[.]milanote[.]com/uni/ls/click?upn=u001[.]qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Resubmissions

12-12-2024 20:42

241212-zhb7aaxja1 3

12-12-2024 20:41

241212-zgkf9swrhw 3

12-12-2024 20:38

241212-ze8q3syndk 3

12-12-2024 19:08

241212-xtbzjstqfy 5

Analysis

max time kernel
211s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
744	msedge.exe
744	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 2500	744	msedge.exe	83
PID 744 wrote to memory of 2500	744	msedge.exe	83
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 2636	744	msedge.exe	84
PID 744 wrote to memory of 1088	744	msedge.exe	85
PID 744 wrote to memory of 1088	744	msedge.exe	85
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86
PID 744 wrote to memory of 4168	744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://links.milanote.com/uni/ls/click?upn=u001.qLX9yCzR-2FsrNCveODBYktWd2QtsYHwBxjMjZ1TpW-2F9lZdAf5STwUhyaGQHzHPUx-2FNQxJ30vBX2Y81zxqoisMGMqOvOyKqTzQA08jTvkGdkXIRnTIJ74clhJV9FJLnnaAsWFoxEWqxKk-2BA2qeCTh-2F6Q-3D-3DW9d5_WA7Xc4T8Sqer3xyrekkmupnYceSwGsGdnamiEdEsjajhLqFLe37BsQvKgGbBGvdfQ6X0Bzm-2BFw9u8QsnNTCp-2FHgW3vwJN4gW6Pyy8ta9v8zHYqFF40w2Y15HXzHo34nGRQzcj8dJgKQosHXbuP4-2BHtLJErXZEbJveQs5qmsyFYm8hTwPJ-2FSnBJiEloT65ph8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1188 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,32096641067290881,12571765598597126763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
7de7eedd15f827b5372795524a3b3cbe

SHA1
9138bb18055fb303027eaa7285f7f6b9bf96b823

SHA256
761b0cb38be7d15a8e9df2a2e3de608e7c6b4f38b7bf43b59f1236d66ab3941a

SHA512
e3f4537baa82ec6fb4141215fd9367d3c9c4becfc2dda2b161a1fc8236008913f401324d8bd749a2e048d90739e8e02afeeaf0288a9d6b3265ef51aec8f4f48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
b49d909cf6af6dc8f517139d133128f4

SHA1
a707e7f4402821fb21cdd7d7a79c2feb45d33ce2

SHA256
03cb46008d765e4477a90ca35c6cb687e5e19fff1da121fd57b67c255ef9e677

SHA512
c554cc072effeb3115a8948397dca30024978541b298764030a0a90b6de5fef9a4526bc210696934ec92f88eea533964c66642ee9cb351273e2be02469a56365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d4008e958405867ce7d6f6bd94af61be

SHA1
c9d262d5b08efd570c1b2aa47893d41874460d35

SHA256
36054fa136a4688de895ae6b2a7d415b7de362d91d32f9381d6fa100887817f5

SHA512
9924db676c7d83c13ce83831eb9ac67c53e06e816f31c168b8402df32823e4a6e37dd5c39a12173b54b81bc687fd79ea626658e0e7eedacf489bd08d0f05beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
571aba494531bc8d45cea89caae2ef9d

SHA1
d2f09767650b9239058d039178ea24027593cfb7

SHA256
21a1e89b46a407a4d37cc2507f98cb3205c1fa295596ec6b4e12651360f25bc8

SHA512
cd87dc07da7653c59b0bca814b0fce941b36b834e4a6a72c497fd15ad0c98035aea7e2a65d3bd2162b9a10aba7f07dc2ed579a9fd9dc84f18e167ee5b83d3670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4eebe00640020745dd38173eeaaf66e4

SHA1
4e1e050add02efcc8ced22015621cd34410f2572

SHA256
7c6fad8fd5729e5aefaa8f42071522e57f98796745317f73ed3984b6a8f08231

SHA512
65c43739cc2d1ec37d265edd70a4c7ff18169da014d23766cbe3964828e413c281310463cbeb142ef60aca79deb64a47d69ddfbf94fd24b78a5f1351e3e620b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f40ddc4b324a9ac3a81540304699f12

SHA1
0500f722751d35291698dcd048a7f723d6ef00ea

SHA256
9983b5487b81552caa4fe5c9074adade843844739efd42b148425f397504df1a

SHA512
3dbb41afbc455b0997d70c2f5d65dbf632d30eff91d48bac79cc15f8367c33a7190949eb8d611c9d0b9401df5b135bc277ea620addd39d78f19a314348c69c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
473ceb52d8daa2fb01ee11d8baa414b8

SHA1
d08826bc5611444f7d0aad77a174f334aae77135

SHA256
a781b146b5d53083bc10b577ff3aba6c6f675e5d4e6b2c2fe66ecfdc3dd62026

SHA512
4ce1a199d79f735a55eb62763b491a7efb599b295464526dea6b4e4fed7a804ae4519f16554fa791feb4601257a3572d9fd9008ccea7b439467413b08122056e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f23150e4047139b57c6e1b72eb797d6

SHA1
155179b788493cb1306a8cd4cbd2d719e82433f1

SHA256
51a59490e063bc3b2df59606dd06e11a498316d2e8762b790b90fe4d175a523c

SHA512
2c6ca573daec1693d2544ec50bea893efaf075af0a436c117ef158e447aa4a0a9130d49df605132a1ff064784a6265da9e0feb6b223c1ee374679f83fafd3388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c06839e1f0a8acbae4f1387462447a7b

SHA1
ce45d36912f9c532889ffc8e3c67169a2f8ff047

SHA256
7087a9e8616089a3f288403f80c130586b97c2376140b10f6ee5c3777abe0fcd

SHA512
2ec63f0d7e21e2f2420e011940d63621fcee815e22fc38a15789bba8ac2c5079678fd6b06bc454f1d4efa2752855de1fbd3186aca3959c1a2b56d4796221a156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5a961ef6f1f9bd5c5649f6b5dc06365

SHA1
e411726c45afc33495229486593faf448707d6d4

SHA256
5e8f634ae3fc57bc64ed6c20dc0e82ce9cd678eab5bc25b9a2b34419b981d985

SHA512
0b3c4edf6eabf4d6496ef3f9db4edeb51cd5a1d07e9b3449749b58c101704891223e2c4e3e0641b05b1576315d09e76006e5b0bb67a81892b9c249646a72f127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\2474602a-cad7-4e44-9ee4-367480869926\index-dir\the-real-index

Filesize
96B

MD5
eeab656da4c78944c52c2b76787528f8

SHA1
ca067bcde687f6100d19f1dbaadd55c0c4becb37

SHA256
887592525282de8bf2918daea8696054a8395d3bb1d6fc1c8af57267d75457b6

SHA512
726d1f7d67c670761d61ebabf140ac2bb8266d802c2edc69d9e72f87efc54c65955645ff55a03461c9b3cd2661e5c790c624ec80115aeda20459d9aee29f7234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\2474602a-cad7-4e44-9ee4-367480869926\index-dir\the-real-index

Filesize
120B

MD5
6e62d41700f97f8fdab8eb46c490fac9

SHA1
d8235b7f5a86f18d52ec938891bf02955588d9a2

SHA256
2221d2754b93674c08e2aa040cf7c74f95a69fd21be024c26b4ac4a1f8d92b77

SHA512
a1931733057d54df64f4a7ddce43b1ca20b88ef74f7f15251fc5d6330a0d77c7571ffbf4bcc5a3d0e93cbd1bb88cc9883c8476fb0b1fd106182f3d3b7272732c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\2474602a-cad7-4e44-9ee4-367480869926\index-dir\the-real-index~RFe57f898.TMP

Filesize
48B

MD5
21c5979c4064d5f3978ee48580885986

SHA1
0ffb8dc6b48a4bcec26752d5508842e491060cba

SHA256
5b1be385659544dd3e772ac9b40eb84aeaad026bd93e2fa252a116fb02ffd66d

SHA512
2fee0815ef4e9efa96488f23fcb8c74b0a0eead1f01033de3d114628257a12d0ff0fc8861dd1ad3be644d3041019266c589a7e2edc865c2b65963c12d8126e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\2bce1bda-0834-41bb-a7a3-fcf97a92d139\index-dir\the-real-index

Filesize
72B

MD5
8626cafe78b20be46af588a7f5be52e8

SHA1
4256b4ce4de7b3aeb452d13cd59fc2a6754c6e2d

SHA256
3294b6ba787c279aebed1e76a95904dbb18d60c0f471e694e9d8575a38788fa1

SHA512
957600e2b8be9aac932a2e3e71dd585df17b8a255064ad76d295445819227ec5499cbb862556636c4e6883296fd3bb90563cf07f2d5598c463f2a5bee4773aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\2bce1bda-0834-41bb-a7a3-fcf97a92d139\index-dir\the-real-index~RFe57f80c.TMP

Filesize
48B

MD5
d76061ef727ce513e15384a33d20c00c

SHA1
7b7fa0dcc2ca051d1fe0e28f8e2857f07cf0fac8

SHA256
c46cb7c569b4a43809ecfd4d3597c72fafcc993444ed83a423de174446817b4d

SHA512
bc40a4c0f4b837bea6eeb159d99cfce12c390a39d491f1f7d6c11e5860b14df6aa3c6087b2d23b31014c9d84ad3c607d8f95cde768f41783a97706729095d2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\bd1bb1f6-fbe8-4746-9943-3eef9fbfff92\index-dir\the-real-index

Filesize
72B

MD5
438a4520951343784c8eba5e94d4c318

SHA1
0a229853eadfc077a8b6123ad582e470608cd135

SHA256
9984d742941e03bd57e8d41e1edc14b2ec2a3c0ff2c043fd60edc3cd511df471

SHA512
b3915262bd8978ff4cdb85651c306e70cda9fea2ff107d2939e85415bd28cd09d8afab68179a77a7f2b62b77fed82b800c068db839d629685562a9b7dea5fa5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\bd1bb1f6-fbe8-4746-9943-3eef9fbfff92\index-dir\the-real-index~RFe583c0a.TMP

Filesize
48B

MD5
ebe313d615a09d59bf453ea96bce3a9e

SHA1
27530096cc21699b135f79a15ef298828fdd7549

SHA256
545887cf666ff6dff8ab301220881439ad27cd1927f8909ce717209bad03bae7

SHA512
9319fb5288e426fb920b8600e71d2033a64d52924de554cde98ef251adaaefbada1817d888a6c898648c1ddff0a826b79217074f2dc4b9e2f2503c720d0b5107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
213B

MD5
c92902975d3728d9774e10079634ecd2

SHA1
23ed3a3514e123c03f3b9122dd5934e1d99a97b1

SHA256
a3dfc8c4025c71c81188a61bff4a6b8c2099be87bbcde390ddb30f7728e996f2

SHA512
c1d6835babf58ce924669e5f98c3703270deb18a3158914bd1721eb4beab3e68aba6cfefa27d980ac7f497a2c7addfa954cf72420fcdca51f4f33c140566cded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
93B

MD5
665bd8b04144b90062ffd9b150eee7f1

SHA1
f5387ca70552e76a5130dffb27607b93d850d542

SHA256
554adb9815ff9527859371c9a11f6026a580809e6300e271c20bd94ae142edaf

SHA512
4b4f9d56f07c99f3e3e374e9f7eb414f888ea4743dbe537a2c66eb06d0dd29b1daefac9319d66b01eab1745947218ee856f2a58a30e0f67c5dc71821ac83ff4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
153B

MD5
cb818bbb3b39f7ee97560ebc5e5eab3d

SHA1
8753e2ac2419cde8f1c35968bed66bf59154b9eb

SHA256
3e42303fa5b2f106719aca36b4b50da72130fc0b05ea9315882ca37194eca83c

SHA512
14edc5d64ec213708276e7f1953ab97374681b6e959ec885a68ff7e497e93fcd8fa5958d572e1c8f29f14dae8029df514e4b4924d99a719e2d902907442ed9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
218B

MD5
95818416aee17d1f665bbaa9a7ca7ef3

SHA1
c0798785c917ae65c95da43ac9b0fd0aff63dac1

SHA256
f7a9bcdc90cd65d6401c0dc8e54498aaae756702615c5a7d98085fb12c033fb0

SHA512
7b7184d25f417ffb0905eeecd5a896ef88706d14b6f3ecc5ffbeaaa36c1dbd35d3b7113312d648354072983925f5aee13aed09e24a81a4eb02fff3dea3535f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2c2aab1aba0545d3efb057a43c1942912846e3c\index.txt

Filesize
213B

MD5
9c0b5b0f8d19a99fc34a872692d2bad1

SHA1
319e0d6ff003bea163c72bf3e7984824815a20b7

SHA256
d5827abbb1040367b6de87f84e042b09d6efc1205391265eefc0ed8335a37fb6

SHA512
6d13d958b00b839eab285f4b6935ab3a4bb6a8edc72487a86aec6599ace61ec7ebb2fa8c0c7a1ff2db9527c7f722c04902ce895151ae23983c3620afdcec775d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
03820f997ea0b8bf98d9bd141e4fc3f0

SHA1
3b64ef1e63f63fa2b194ba552a7a52a40860de2d

SHA256
83affbdb3faaca9dae10ece19de9c6746901d05d972065448ba23c2b6fb9b762

SHA512
ed73276c4c073a7bde4f0cad02f0b74a6eaf858c6b9707b06477c6879d8e3b38744e3e8f96a45414d142df16f367475b8966676a074171a3e7fcf0a17199748d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f51e.TMP

Filesize
48B

MD5
b682db66057d3eeac28942f7701e5247

SHA1
177d7ff8f044cacf49d5d7ee4cc811cd3b156c05

SHA256
d3b219b0a34d65667952b1c8a7f0da2de2e31207f137ca9d3089374eb35ef468

SHA512
65761f26108bf755d3c48360786e3f20d4b225530e474b8dc3600ee1bba9da48af89cff376084e26d772dee6b0a00439193f03e2f954deabc5b2a0fa1a16cddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a023c6ddd8046adba8e195a22960b726

SHA1
58e00a92b1b65c77d37090e6118ae4c419553a6d

SHA256
94cf017b3924916528d45189210db4759a1fa38a0b59af219e92f1e2937adf31

SHA512
a1067e18b4ed20b7d7cd418255baf20db0559d4be2c8789c1486c824c85c91dc6822b01438924dcc23b2bd2f4287bf7c006de8b8e27ea644c76663378aadcabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b1e97aa742f58d5bac5f106c40589e6b

SHA1
139216bbf0b2ee80d52ca5e2336b0394164044a6

SHA256
6318d4ecf4fc03f59be9a075b1122d4d48777657c3522a4ae1c9da4f34f55c91

SHA512
98c0aa19bf76fbb8f2d59db7ead1d53fd343d189db7d1ce749714f9d88f7585b0cdf804afae91d77852939915c84cc20328f9bb32289a0002ac2ceb69ecb6343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c3672d527f62c95e029ffdeaf2ca4c76

SHA1
b69eee7ebf4ef3e7bdead83322ab21e38a3ddd57

SHA256
e0de4f9d173e14816b94017322518ec64bf4d3b3c7333aba2fd566c88c73e42a

SHA512
7bdf6993c5293030061419be4f19ae836935c381ac13d50c5b05d8a6d0d6724ea3fcd275adb00464e37ccd26b7ea73e0c888b0d0b9b0b5291b9aa8a8a13d2532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8dd6a09f4ce60856c6c894c4222ab87e

SHA1
54eb3c59afe3af527342b9ff7930291a0dcd130e

SHA256
fb377124a3e6762a12af7ff4fe549a76c4b988c71353c6b59c4e59dbe5924f42

SHA512
d967213b5319863a874f978e2f08a5c030ce244dc5375ad250bc87563fe76ba018831e790e4160854981d4475b0388ebc4803b047cdb36e56b74fac1303752af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd061e5be2d06d41b7f44c4de0a28692

SHA1
4a7c45dbb7c1780c917ca7da31a93e9314cff5d2

SHA256
5fba32da1a864ea0228c6f021988d9c35687839874450c08749b21ff6d5bb5ef

SHA512
470882246d9b8ae8fede1e5f932a1a1dd5d064cf0040a2bf3a20ed20dbe2deefaad846e0b25581048db0b3af66d62492a0967654887b551fa56d6f322f5811fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02f08a829f30c3895db4101fc77f0ada

SHA1
b04bab45431a6eaa4b093d1245bc044e04cb8821

SHA256
54d1cb634d6b7dce7466f695ea572409acd82fa8d1e9c2574024d611999d53ed

SHA512
4831c8e9f0459614befae734649925ebd887f97bd48b03b7c8fb040e019dade2ca55307b20906c064cbdf4dd43c5f211aecc937b4db170a751c032e790a50f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eee57ab674938bcd8b906a668f4c5927

SHA1
6be8521849fd7e68e7fa49f1634afc9b565036fa

SHA256
41c4e89c8fe956d8d658b19b96aa070f54d4f41cd2255e89be7f77aa768dd4d3

SHA512
5a1d91041a61c67869be19fc528a8e7f09bebc92cbf97c7c4bbfe3eda4294cbd405cd9917fc8679cf52a5b359b2bc29e29d9db1aa0a1e3725241c8d2e88ca02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811ed.TMP

Filesize
1KB

MD5
62e08cd44ec773b8c2dd4fc99cd0cb89

SHA1
2346ea4e3f8084489c8d7bb1d239a3509c485290

SHA256
3b349482ea61d02e257a28a971cd38dfb1cd3d05c20e6141f70cb6ae25386432

SHA512
7c5994220aeb9389f921948ea377691271958f3b49b78cd5aaae1c30e8f8c3a5dfe33b11196d117bb82ad931204bc00fd711a51c8d26a62d8429d84155f9668a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
347025541f71e0c2f1867272fc0e5468

SHA1
89e02a8f8f7ce14c732341fb5fe38325cac9a9e3

SHA256
5f5c08ceb2636ffd51198f11bf620619d454ad9d13dcdedbb37b8d0e8f07e8d6

SHA512
e946b0067e7df8e4a279b5272c3a3df6226e8b1b6f9f0d2da97a6c2a6da617ceda3b1dbceb7753a25747026b3ed24cc1cb940e6873fab837e40a8a870dadbc90

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit